Le ven 14/03/2003 à 17:17, Quanah Gibson-Mount a écrit :
> > I have to add "by anonymous search" in the third ACL to get it working
> > And after that I can comment the first ACL without effect
>
> Yup. If you want, and can figure out exactly what it information it is
> wanting to look at, you can restrict this even more. For us, any incoming
> connection needs access to the krb5PrincipalName attribute (since we are
> doing GSSAPI authentication for our applications), so I have the line:
>
> access to attr=krb5PrincipalName,member
> by * search
>
ok, but I believe that the information accessed by DIGEST-MD5 mechanism
is the userPassword attribute, so I don't want it to be world readable
:)
Am I wrong ?
Francois
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Senior Systems Administrator
> ITSS/TSS/Computing Systems
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
>